The battle for the best desktop browser will never be settled. There are those who will always swear by Google Chrome; others who hold Safari up as the clear winner; and even some who have stuck by Internet Explorer (IE) despite constant press negativity.

This is designed for all levels of expertise — meaning we won’t cover VPN services like Tor because relatively few actually use that.

Instead, we’re focusing on the most popular six. Those are, at the time of writing: Chrome (59.61% market share); Internet Explorer (14.18%); Firefox (12.85%); Edge (5.15%); Safari (5.08%); and Opera (1.27%). Again, we’re looking solely at desktop, but even if we include smartphone and tablet browsers, Chrome still comes out on top. However, Safari naturally sees a huge increase, thanks to it being the iPhone browser, putting it in second place.

We’re going to look at each of these in turn, listing them in order of market share.

This isn’t a popularity contest: let’s find out which is the most secure!

Google Chrome

Google is renowned for its solid security measures, which probably accounts for a considerable number of users downloading Chrome. It’s fair to say the rest just became used to it after dissatisfaction with IE. With an almost 60% market share, millions use Chrome. A wealth of those accessing the web through different gateways no doubt still use Google as a search engineStop Using Google Search: Here's WhyStop Using Google Search: Here's WhyGoogle has unrivaled access to your browsing habits. Giving everything to Google isn't such a good idea. Here are some excellent Google alternatives that still get the job done.Read More too.

All in all: the majority of people use, and therefore trust, Google.

But are they right to?

Sandboxing

Let’s introduce you to a concept that we’re going to keep coming back to, but which Chrome arguably does best: sandboxing.

Essentially, sandboxing is damage limitation. This is a safe space isolated from other areas of your computer: what happens in the sandbox stays in the sandbox — unless, that is, it’s something you’ve allowed to have wider effects.

Any page or tab opened on Chrome is sandboxed so it can’t adversely affect your OS or any other app you’re running. If one website is unresponsive, those loaded on other tabs should still carry on as normal. Equally, if you encounter an unsafe site, any potential viruses won’t impact the rest of your PC. Once you close the page, the unsafe site is gone too.

Chrome also defaults to the most secure settings without negatively impacting your experience. In the address bar, it’ll tell you whether a site is secure (i.e. if it has SSL or TLS certificatesHow Web Browsing Is Becoming Even More SecureHow Web Browsing Is Becoming Even More SecureWe have SSL certificates to thank for our security and privacy. But recent breaches and flaws may have dented your trust in the cryptographic protocol. Fortunately, SSL is adapting, being upgraded - here's how.Read More), and clicking on that padlock or “i” symbol will tell you more about your connection. It’ll advise you whether you can safely submit sensitive information, for example, followed by a list of general permissions.

On default, it will allow the loading of images, JavaScript, and Background Sync. For all others, like accessing your webcam, microphone, and location, Chrome will ask you whether this is really something you want to do.

All of these are customizable, but rest assured that you don’t need to do anything to these settings to improve security or usability.

The best thing about Chrome, however, is its updates. With major security patches issued every 15 days, Google is the fastest mainstream browser to respond to vulnerabilities. Any browser that checks whether fixes must be applied so regularly should be applauded.

Reporting Exploitations

In the latest two-day hacking contest, Pwn2Own, hacking collectives attempted to exploit (and so expose) vulnerabilities in major browsers. In 2016 and 2017, Chrome came out on top, with no hackers able to crack it in the allotted time limit.

It doesn’t mean that no one could eventually carry out a successful cyberattack, but it remains a good sign that Chrome is a very strong contender.

If a full report is made, the standing reward money is up to $15,000. That total is to anyone finding fault in the sandboxing process, though other prizes remain for smaller issues including bugs in third-party components.

Patches for any problems would then be issued via updates.

Are There Any Negatives?

Naturally. Nothing is impervious.

One of the things acting against Chrome is its popularity. You might question the logic of this argument, but because it’s used by so many, it’s the biggest target. In 2016, Chrome had the most discovered vulnerabilities (172, compared to Edge’s 135). The statistic doesn’t account for the severity of flaws, how fast they were patched, or, of course, how many remain undiscovered on other browsers.

Similarly, a patch may be issued, but that doesn’t mean users are updating their settings. This is a problem shared by all mainstream browsers, and Chrome isn’t the worst affected. Still, around 50% don’t update.

Yet it’s very easy to do! Just click on the vertical ellipses at the top right, then Help > About Google Chrome. It should automatically update. It takes a few seconds to do, and will require relaunching. Don’t worry about losing any pages, they’ll be saved.

We might applaud the browser’s security measures, but it doesn’t have an entirely clean record. You know what we’re talking about: privacy.

Another bonus is its transparency in showing you your security and privacy settings. Just click the cog at the top right, then Internet options. A box will appear that lets you flit between numerous tabs, but the second and third should take your attention. Here, you can see your Trusted and Restricted Sites, and then toggle the security actions taken. You can also benefit from Protected Mode, which isolates untrusted sites and add-ons, and so limits the harm they can do to your PC. It’s IE’s sandboxing, basically.

Then in the Privacy tab, you can tick a box to stop sites requesting locational data, and change settings for InPrivate Browsing and the Pop-up Blocker.

This Doesn’t Sound Too Bad

It’s not awful. IE has a terrible reputation, hence why Microsoft is in the process of killing it off in favor of Edge. But maybe it’s not as eye-wateringly bad as you’ve heard.

And this is still Microsoft we’re talking about, so you’re covered by the firm’s Privacy Policies, which are pretty similar to Google’s. Both internet giants can make money from your data, so it’d be naïve to think they wouldn’t on ethical grounds.

Still, it’s going the way of the dodo. There’s no denying it. In 5 years’ time, IE will be a relic of the past. Some would argue it already is…

Why Should You Avoid IE?

The aforementioned settings that give you extra control over your security and privacy don’t default to the most secure options. It’s customizable, so you must take matters into your own hands. This is especially bad as those using IE will likely not be as tech-savvy as those who have transferred to Edge or indeed another browser altogether.

The core problem, however, is the lack of updates in the near future. For now, Microsoft recognizes the considerable 14.18% market share and still pushes security patches. That won’t last. It can’t. It’s a redundant system. You should be informed when support ends, but keep an eye on MakeUseOf just in case.

In 2016, 129 vulnerabilities were discovered on IE; this will surely rise as more sophisticated malicious software is unleashed online. The ongoing concern isn’t just that more flaws will be found, but more so that fewer outlets will even bother reporting them.

If you’re not using IE11, you really need to update the version you are using, or switch entirely. IE11 is only compatible with Windows 8.1 or newer, so you’re stuck with an older, unsecure IE if you have an earlier OS.

In that case, you definitely need to change browser.

Firefox

The number of people who still use Firefox is dropping, yet it still holds a 12.85% market share.

Firefox is the only browser to do this automatically. That’s a fantastic thing.

Again, this feeds back into the fact Mozilla is non-profit. Google can benefit from personalized adverts, for example, whereas Mozilla won’t:

“We believe the Internet is for people, not profit. Unlike other companies, we don’t sell access to your data. You’re in control over who sees your search and browsing history. Choice — that’s what a healthy Internet is all about!”

It’s a solid ethic that we should all get behind.

The Sandboxing Problem

Created in 2002, and widely released two years later, Firefox’s architecture was somewhat out-of-date, just as with IE. The latter was replaced by Edge, but Mozilla didn’t need to completely replace its browser because Firefox has a pretty good reputation. The thing it needed to address, however, was sandboxing.

Right now, sandboxing is key. It’s that added peace of mind; after all, everyone slips up sometimes and experiences a bug that could affect your wider OS. It’s even how smartphones work, limiting the impact one app can have over anything else.

The fact that Firefox didn’t implement such security measures was worrying. But Mozilla listens to its community: since 2009, it’s been developing Project Electrolysis, and has been slowly phasing in the sandboxing method since August 2016. It took so long because it had to retroactively preserve the compatibility of extensions.

In Firefox version 54, released in June 2017, the feature took full effect.

The Electrolysis multi-process technique is different from any browser based on the Chromium Projects’ source code. Whereas Chrome’s sandboxing sees new processes created for each new tab, Firefox enforces a four-process limit. That doesn’t mean you can only open four pages. Instead, any further content will effectively leach off the power used for those first core processes.

In effect, you get the same advantages of sandboxing, but your experience will be a lot faster.

Other Security Features?

Elsewhere, Firefox boasts the most impressive update times.

Major updates are typically issued every 28 days or so, but minor patches are rolled out more frequently than that, depending on the vulnerabilities. Google is quicker with large-scale updates; Firefox is quicker when it comes to tweaking settings.

This is due to the fact it’s independent open-source software. The code is accessible, so you can check there’s nothing malicious going on under the hood.

Any Problems?

Firefox is obviously as susceptible to vulnerabilities as other browsers, with 133 discovered in 2016 alone. Their repercussions, however, pale in comparison to the browser’s update times.

In 2016, Firefox didn’t seem worth hacking any more, at least if we look at that year’s Pwn2Own contest. Hackers didn’t attempt it at all. Brian Gorenc, manager of Vulnerability Research at Hewlett Packard Enterprise, said:

“We wanted to focus on the browsers that have made serious security improvements in the last year.”

Now, it’s a serious contender again. As such, in Pwn2Own 2017, the browser proved impervious to a few cyberattacks — but caved into one exploitation. We expect a patch was soon issued.

As ever, it’s up to individual users to download the upgrades. Around 33% of Firefox users aren’t running the latest version… and in some cases, that might mean users don’t benefit from the sandboxing-like multi-processing method.

Still, Firefox has come a long way in just a few months, and it can hold its own against other browsers.

Microsoft is urging users to migrate from IE to Edge. Based on security alone, is it a good move?

Does Its Newness Affect Security?

As the newest mainstream browser in this list, Edge is yet to pass the greatest test of all: time. That’s how Chrome has got where it is now; it’s simply braved the storms and reacted in a prompt manner to any vulnerabilities.

This much is evident from the exploitations discovered in its debut year. In 2015, a considerable 270 vulnerabilities were exposed — that’s more than Chrome, IE, Firefox, and Safari. You might expect that number to decrease considerably in the following year…

And that’s exactly what happened, fortunately! 135 were discovered in 2016, literally halving its total. It’s applaudable. Then again, of those aforementioned mainstream browsers, it’s second-place only to Chrome in the number of flaws. We should now reinforce the fact that discovered flaws doesn’t mean any other browser doesn’t have more potential issues to exploit; it just means they’re yet to be found.

Basically, Edge is new, and that both works in its favor and against it.

Does It Have the Edge?

Edge is one of Microsoft’s highest priorities, and so it enjoys a lot of care. As you might expect, updates are frequent. It receives patches two or three times a month, so as long as you’ve got your eye on the ball, problems will be ironed out early in the browser’s life.

Support will lessen over time, but again, that’s purely because right now, its freshness proves an interesting challenge to cybercriminals intent on finding new means of exploitation.

It does have another thing going for it, and you might be getting déjà vu here: sandboxing. It doesn’t make Edge stronger than other browsers, but does at least level the playing field. It’s what we expect nowadays.

This is because the site has been reported as unsafe. In late 2016, cybersecurity experts, NSS Labs tested over 300 examp [Broken Link Removed]les of malware and phishing on Chrome, Firefox, and Edge. The latter’s SmartScreen blocked 99% of these, compared to Chrome’s 85.8% and Firefox’s 78.3%. That’s fantastic because it means Microsoft’s list of sites reported as unsafe is extensive.

Obviously, Edge has an in-private mode. Your browser won’t store passwords, contact details, or any other data passed collected using cookies. That keeps your stuff hidden from other people using your computer — but advertizers can still track you. Microsoft can still profit from selling on your data, so don’t expect the secrecy awarded by Firefox or VPNs.

Anything Bad to Consider?

Certainly if you’re wondering whether to replace IE with Edge, you should do so. The latter is superior in pretty much every way. Unfortunately, roughly 75% of IE/Edge users are still running out-of-date versions. That’s a big problem.

Optimistically, fewer vulnerabilities are typically found than on Chrome, IE, Firefox, and Edge. In 2016, just 56 were discovered. Yes, that’s a lot, but in comparison to Chrome’s 172, it’s commendable. Before that, 2015 was a bad year: 135 problems were identified, yet Safari remains, year-on-year, the browser with the fewest known vulnerabilities.

Less frequent patches seem okay if there are less flaws to fix in the first place.

Conversely, taking 54 days to issue major updates is troubling. At least smaller patches are rolled out more often.

And this is another solid reason why intermittent updates is a good thing. Currently, around 33% of Safari users are running an older version; compared to the other mainstream browsers, this is the smallest percentage, in line with Firefox.

Users are surely more likely to install new versions if these are issued more irregularly. We’d definitely prefer to update Safari than Edge, considering the latter works in conjunction with Windows. An inconvenient system restart is needed to finalize the installation.

Reasons Not to Use Safari

All of this is in opposition to those headlines you might have read recently about Safari having more vulnerabilities than even IE.

Google’s Project Zero team publicly analyzed security on the five main browsers. They used Domato, an automated tool with around 100,000,000 iterations. It’s a costly thing, but cybercriminals could easily get reimbursement.

“Apple Safari is a clear outlier in the experiment with significantly higher number of bugs found. This is especially worrying given attackers’ interest in the platform as evidenced by the exploit prices and recent targeted attacks.”

You might rationalize it: Google carried out the test, so of course Chrome would come in 1st Place. Nonetheless, the results were conclusive; those flaws existed. Since then, patches have been issued. It remains a concern, as the test exposed problems with WebKit — and that’s the basic architecture for all Apple products.

Safari fared badly at the Pwn2Own 2017 contest too, with numerous successful hacking attempts across the three-day event. Some did fail, so Safari is still preferable to Edge at least.

Opera

You might already have come to a decision on which browser’s the most secure.

Opera was feeling its age in the late 2000s, but it completely revolutionized itself in 2013. This was simply by taking on the same source coding as the Chromium Projects. Effectively, it has the same security as Chrome — notably that crucial sandboxing method. It also checks SSL/TSL certificates, making sure your connection is secure and genuine.

Data is shared between third-parties, ergo add-ons, and Opera. The browser’s focus on privacy is aided by the VPN service, but comes second to Firefox purely because it does collect some information.

Opera also automatically updates, so you don’t need to trouble yourself with making sure the latest version is installed. Saying that, updates are issued every 48 days — more frequent than Safari, but falling behind all others listed above. It’s a less popular browser, so you could argue that it’s granted some security through obscurity (STO); should that sway you? Not especially. Nor should the fact it’s not open-source. It does, at least, explain the comparatively slow update times.

Because its structure is based on Chromium, Opera wasn’t a contender at the Pwn2Own 2017 event, but based on all we’ve heard, maybe it should be in the 2018 contest…

A Final Word on Downloads

In most cases, your OS already has a browser installed as default. If you’ve got a new version of Windows, it’ll be Edge; for Mac users, you’ll have Safari. Most Linux desktops have Firefox preinstalled.

Whichever you have, you’ll probably want to try out another. Hopefully this article will have tempted you. That requires you use the default browser to find the one you actually want. (Sometimes, you have to wonder how many folk have only ever used IE to get Chrome.)

Right now, the most secure browsers are Chrome and Opera. They use the same techniques, and, rather pleasingly, are respectively the browsers with the biggest and smallest market shares on this list. If you’re used to one, try out the other; we’re sure you’ll be impressed.

Firefox is also a very solid browser, and we love Mozilla’s focus on privacy. It has vulnerabilities, but so does every other browser. That includes Safari — not as invincible as some would have you believe, but still pretty good.

If you’ve still got IE, you definitely need to upgrade to Edge. It’s superior, merely for the frequent updates Microsoft will continue to push.

And there we have it. All in all, five of the six mainstream browsers boast a good deal of security, but Chrome and Opera come out on top.

One final reminder, though. A common factor you need to remember. Keep your browser updated.

Thanks for sticking with us. How do you feel about our findings? Which browser do you currently use and why? Are you tempted to switch to a different one? Let us know in the comments section below!

Your email address will not be published. Required fields are marked *

Comment

Name *

Email *

Elganif

January 29, 2019 at 3:57 pm

Maybe I missed it but you forgot to discus one of the biggest vulnerabilities of modern browsers, keeping old data lying around after its done with - not deleting cookies or cache on exit - even as a user option in most cases. Not destroying that data as soon as its not needed leaves the possibility of it being found and used by other less friendly elements later.
For Chrome and Opera there are plugins that do that, but less then perfectly and you shouldn't be relying on third party for something so essential.

Is this article a paid plug for Chrome? As soon as I scanned it and saw about 25% dedicated to extolling the virtues of Chrome, I knew that it will declared The Most Secure. Especially since any concerns about Google hoovering up user data were fluffed off with "there are a lot of services that collects and sells on your data" (sic). You cannot have security without privacy and vice versa. And no user data is private when using any Google products.

There is still some work to do, but I really like the direction of the BRAVE browser.
I am using Firefox less each day, in part to the fact that Mozilla is pushing for Net Neutrality. And if you think Net Neutrality is a good thing, just wait til you can't afford internet.

Opera was the best browser between around 1999 and 2005. By the mid 2000s other browsers had copied most of its designs and innovations. (If you went back in time to 2003, Opera would be the only browser that would seem modern.)

I still use it on some of my older machines because it isn’t the memory-hog that Chrome is on MacOS.

Simple answer: none. They all record data, keep logs, etc. I'll admit Firefox and Chrome have taken strides to offer better security in recent years, but I still never browse with a VPN. ExpressVPN, Nord, Ivacy, etc. offer logless browsing with encrypted servers. Hell, ExpressVPN even came out with its own browser extension a few months ago. Using a VPN has become like second nature for me now.

It is ludicrous to consider any browser that reports home on its users' browsing habits as "secure". Four of the six browsers mentioned (IE, Edge, Chrome and Safari) by definition should be considered INSECURE. Unfortunately, Google has corrupted Firefox code so that it too reports to Google. So Firefox is insecure. I do not use Opera so I do not know if it contains any code that forces it to also report to Google.

"This isn’t about Linux or Mac or Windows desktop."
Oh, but it most definitely is! Any browser written specifically for Linux or BSD, such as Midori or Arora, is inherently more secure than one written specifically for Windows or Mac. Unless, of course, Google has managed to gets its tentacles into that code.

Unless its embedded invisibly in the chromium base (which I wouldn't put past google) Opera doesn't collect data unless you sign up for usage statistics, which is anonymised into aggregate statistics for feature planning.
They actually had problems at one point because too many people were not using the feature and when certain changes were made based on what they did have they got a lot of complaints from the users on the forums.

Browsers that track you, collect usage data, store that data, share that data /=/ secure. Some of these browsers do not deserve the extensive, back-bending, write-up they got - regardless of usage share. Even a privacy-respecting browser on an Operating System whose main purpose is to surveil users, can no longer be considered safe to use.

We need to start seeing extensive articles about the kinds of surveillance Mainstream Browsers engage in. Which is the worst from this standpoint. What kinds of tricks do they engage in, what kinds of surveillance do these browsers do when you aren't even using their browser (on the web, on your OS, etc).

Which ones are the most transparent as to their data-collection and tracking activities. Is there any accountability for their actions or when their data is hacked or shared. Who are they sharing this data with?

Agreed. We need some accountability laws that make search engines liable for data breaches and require them to list for users exactly how and what they track and store. Anything less is a breach of privacy. When Google knows more about you than all the members of your family combined, something is out-of-hand and grossly wrong.

When he’s not watching television, reading books ‘n’ Marvel comics, listening to The Killers, and obsessing over script ideas, Philip Bates pretends to be a freelance writer. He enjoys collecting everything.